[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Do you allow http to ports other than 80?
I certainly would not allow this. I might allow an FTP site on another port, but even then I would asign the port and ask a lot questions. ----- Original Message ----- From: "Greg Winkler" <[email protected]> To: <[email protected]> Sent: Monday, July 16, 2001 1:34 PM Subject: [FW1] Do you allow http to ports other than 80? > > > Recently I've been bombarded by requests from my users to gain access to > websites outside the company that run on ports other than 80. Off the top > of my head I recall sites running on 9022, 8095, 81, 89, 8081, 8080, and > I'm sure I've forgotten a few. Up until today I could never get them to > work. I've just learned that, YES, it is possible to allow this on a > firewall by creating a new service with a protocol type set to URI and by > adding a line to fwauthd.conf of the format > > port# in.ahttpd wait 0 > > It was the update to fwauthd.conf that had me stymied. > > My only objection now is that each of these new ports requires another http > security server process to monitor it. I'd just as soon not have a million > security servers running on my firewall to support a very small community > of users who need access to these oddball websites. > > Just what is it with these website admins? Why must they run their sites on > odd port numbers? What's scary is that some of the sites are running on > ports that have been assigned to other services. What the heck is one to do > when the web-site conflicts with the legitimate use of that port? > > I feel like making a stand...."Just say NO to websites that don't run on > port 80". But it appears I will just get stampeded. Do you allow access to > these sites where you work? > > -------------------------------------------------------------------------- -------------- > > Greg Winkler > Systems Manager, IT&S > Huntsman Corporation > Internet Mail: [email protected] > Voice:> Fax:> > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|